"Silent Runners.vbs", revision 64, http://www.silentrunners.org/
Operating System: Microsoft Windows 7 Ultimate Service Pack 1 (64-bit)
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
Sidebar = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
SysTrayApp = C:\Program Files\IDT\WDM\sttray64.exe
egui = "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [ESET]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided)
-> {HKLM…CLSID} = Groove GFS Browser Helper
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM…CLSID} = Windows Live ID Sign-in Helper
\InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]
{B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = URLRedirectionBHO
-> {HKLM…CLSID} = Office Document Cache Handler
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL [MS]
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided)
-> {HKLM…Wow…CLSID} = Groove GFS Browser Helper
\InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM…Wow…CLSID} = Windows Live ID Sign-in Helper
\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]
{B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = URLRedirectionBHO
-> {HKLM…Wow…CLSID} = Office Document Cache Handler
\InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\
Groove Explorer Icon Overlay 1 (GFS Unread Stub)\(Default) = {99FD978C-D287-4F50-827F-B2C658EDA8E7}
-> {HKLM…CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS]
Groove Explorer Icon Overlay 2 (GFS Stub)\(Default) = {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}
-> {HKLM…CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub)
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS]
Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)\(Default) = {920E6DB1-9907-4370-B3A0-BAFC03D81399}
-> {HKLM…CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS]
Groove Explorer Icon Overlay 3 (GFS Folder)\(Default) = {16F3DD56-1AF5-4347-846D-7C10C4192619}
-> {HKLM…CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder)
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS]
Groove Explorer Icon Overlay 4 (GFS Unread Mark)\(Default) = {2916C86E-86A6-43FE-8112-43ABE6BF8DCC}
-> {HKLM…CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS]
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\
Groove Explorer Icon Overlay 1 (GFS Unread Stub)\(Default) = {99FD978C-D287-4F50-827F-B2C658EDA8E7}
-> {HKLM…Wow…CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)
\InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS]
Groove Explorer Icon Overlay 2 (GFS Stub)\(Default) = {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}
-> {HKLM…Wow…CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub)
\InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS]
Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)\(Default) = {920E6DB1-9907-4370-B3A0-BAFC03D81399}
-> {HKLM…Wow…CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)
\InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS]
Groove Explorer Icon Overlay 3 (GFS Folder)\(Default) = {16F3DD56-1AF5-4347-846D-7C10C4192619}
-> {HKLM…Wow…CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder)
\InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS]
Groove Explorer Icon Overlay 4 (GFS Unread Mark)\(Default) = {2916C86E-86A6-43FE-8112-43ABE6BF8DCC}
-> {HKLM…Wow…CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)
\InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
{2F603045-309F-11CF-9774-0020AFD0CFF6} = Synaptics Control Panel
-> {HKLM…CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files\Synaptics\SynTP\SynTPCpl.dll [Synaptics Incorporated]
{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
-> {HKLM…CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\MSOHEVI.DLL [MS]
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
-> {HKLM…CLSID} = Microsoft Office Metadata Handler
\InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS]
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler
-> {HKLM…CLSID} = Microsoft Office Thumbnail Handler
\InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS]
{3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} = Groove Namespace Extension
-> {HKLM…CLSID} = Workspaces
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS]
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search
-> {HKLM…CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL [MS]
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} = {506F4668-F13E-4AA1-BB04-B43203AB3CC0}
-> {HKLM…CLSID} = ImageExtractorShellExt Class
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\VISSHE.DLL [MS]
{D66DC78C-4F61-447F-942B-3FB6980118CF} = {D66DC78C-4F61-447F-942B-3FB6980118CF}
-> {HKLM…CLSID} = CInfoTipShellExt Class
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\VISSHE.DLL [MS]
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} = Groove GFS Browser Helper
-> {HKLM…CLSID} = Groove GFS Browser Helper
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS]
{6C467336-8281-4E60-8204-430CED96822D} = Groove GFS Context Menu Handler
-> {HKLM…CLSID} = Groove GFS Context Menu Handler
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS]
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} = Groove GFS Explorer Bar
-> {HKLM…CLSID} = Groove Folder Synchronization
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS]
{16F3DD56-1AF5-4347-846D-7C10C4192619} = Groove Explorer Icon Overlay 3 (GFS Folder)
-> {HKLM…CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder)
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS]
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook
-> {HKLM…CLSID} = Groove GFS Stub Execution Hook
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS]
{A449600E-1DC6-4232-B948-9BD794D62056} = Groove GFS Stub Icon Handler
-> {HKLM…CLSID} = Groove GFS Stub Icon Handler
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS]
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} = Groove Explorer Icon Overlay 2 (GFS Stub)
-> {HKLM…CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub)
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS]
{920E6DB1-9907-4370-B3A0-BAFC03D81399} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)
-> {HKLM…CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS]
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)
-> {HKLM…CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS]
{99FD978C-D287-4F50-827F-B2C658EDA8E7} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)
-> {HKLM…CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS]
{387E725D-DC16-4D76-B310-2C93ED4752A0} = Groove XML Icon Handler
-> {HKLM…CLSID} = Groove XML Icon Handler
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS]
{7CCA70DB-DE7A-4FB7-9B2B-52E2335A3B5A} = Nameext
-> {HKLM…CLSID} = Enterprise Projects
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\NAMEEXT.DLL [MS]
{0006F045-0000-0000-C000-000000000046} = Microsoft Outlook Custom Icon Handler
-> {HKLM…CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL [MS]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} = Snagit
-> {HKLM…CLSID} = Snagit
\InProcServer32\(Default) = C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll [TechSmith Corporation]
{CF74B903-3389-469c-B3B6-0204D204FCBD} = SnagIt Shell Extension
-> {HKLM…CLSID} = SnagItShellExt Class
\InProcServer32\(Default) = C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitShellExt64.dll [TechSmith Corporation]
{A70C977A-BF00-412C-90B7-034C51DA2439} = NvCpl DesktopContext Class
-> {HKLM…CLSID} = DesktopContext Class
\InProcServer32\(Default) = C:\Program Files\NVIDIA Corporation\Display\nvui.dll [NVIDIA Corporation]
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} = NVIDIA Play On My TV Context Menu Extension
-> {HKLM…CLSID} = NVIDIA CPL Context Menu Extension
\InProcServer32\(Default) = C:\Windows\system32\nvshext.dll [NVIDIA Corporation]
{AD392E40-428C-459F-961E-9B147782D099} = UltraISO
-> {HKLM…CLSID} = UIContextMenu Class
\InProcServer32\(Default) = C:\Program Files (x86)\UltraISO\isoshl64.dll [EZB Systems, Inc.]
{83238FAE-D346-4E12-8734-D42F7554B3E6} = DivX Thumbnail Provider
-> {HKLM…CLSID} = DivX Thumbnail Provider
\InProcServer32\(Default) = C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll [DivX, Inc.]
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} = DivX Property Handler
-> {HKLM…CLSID} = DivX Property Handler
\InProcServer32\(Default) = C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll [DivX, Inc.]
{B089FE88-FB52-11D3-BDF1-0050DA34150D} = ESET Smart Security - Context Menu Shell Extension
-> {HKLM…CLSID} = ESET Smart Security - Context Menu Shell Extension
\InProcServer32\(Default) = C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [ESET]
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
{C78B613F-F3EA-11D2-94A1-00E0292A01E3} = Shell Extension for Altap Salamander 2.53
-> {HKLM…Wow…CLSID} = Shell Extension for Altap Salamander 2.53
\InProcServer32\(Default) = C:\Program Files (x86)\a253\plugins\salamext.dll [ALTAP]
{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
-> {HKLM…Wow…CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\msohevi.dll [MS]
{3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} = Groove Namespace Extension
-> {HKLM…Wow…CLSID} = Workspaces
\InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS]
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search
-> {HKLM…Wow…CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search
\InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\ONFILTER.DLL [MS]
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} = {506F4668-F13E-4AA1-BB04-B43203AB3CC0}
-> {HKLM…Wow…CLSID} = ImageExtractorShellExt Class
\InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL [MS]
{D66DC78C-4F61-447F-942B-3FB6980118CF} = {D66DC78C-4F61-447F-942B-3FB6980118CF}
-> {HKLM…Wow…CLSID} = CInfoTipShellExt Class
\InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL [MS]
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} = Groove GFS Browser Helper
-> {HKLM…Wow…CLSID} = Groove GFS Browser Helper
\InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS]
{6C467336-8281-4E60-8204-430CED96822D} = Groove GFS Context Menu Handler
-> {HKLM…Wow…CLSID} = Groove GFS Context Menu Handler
\InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS]
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} = Groove GFS Explorer Bar
-> {HKLM…Wow…CLSID} = Groove Folder Synchronization
\InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS]
{16F3DD56-1AF5-4347-846D-7C10C4192619} = Groove Explorer Icon Overlay 3 (GFS Folder)
-> {HKLM…Wow…CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder)
\InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS]
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook
-> {HKLM…Wow…CLSID} = Groove GFS Stub Execution Hook
\InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS]
{A449600E-1DC6-4232-B948-9BD794D62056} = Groove GFS Stub Icon Handler
-> {HKLM…Wow…CLSID} = Groove GFS Stub Icon Handler
\InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS]
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} = Groove Explorer Icon Overlay 2 (GFS Stub)
-> {HKLM…Wow…CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub)
\InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS]
{920E6DB1-9907-4370-B3A0-BAFC03D81399} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)
-> {HKLM…Wow…CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)
\InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS]
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)
-> {HKLM…Wow…CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)
\InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS]
{99FD978C-D287-4F50-827F-B2C658EDA8E7} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)
-> {HKLM…Wow…CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)
\InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS]
{387E725D-DC16-4D76-B310-2C93ED4752A0} = Groove XML Icon Handler
-> {HKLM…Wow…CLSID} = Groove XML Icon Handler
\InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS]
{00020D75-0000-0000-C000-000000000046} = Microsoft Outlook Desktop Icon Handler
-> {HKLM…Wow…CLSID} = Microsoft Outlook
\InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\MLSHEXT.DLL [MS]
{0006F045-0000-0000-C000-000000000046} = Microsoft Outlook Custom Icon Handler
-> {HKLM…Wow…CLSID} = Outlook File Icon Extension
\InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\OLKFSTUB.DLL [MS]
{40D6434C-DE6A-4C61-B016-96DF78B20E7E} = Web Sites
-> {HKLM…Wow…CLSID} = Web Sites
\InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Expression\Web 4\fpnse.dll [MS]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} = Snagit
-> {HKLM…Wow…CLSID} = Snagit
\InProcServer32\(Default) = C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll [TechSmith Corporation]
{CF74B903-3389-469c-B3B6-0204D204FCBD} = SnagIt Shell Extension
-> {HKLM…Wow…CLSID} = SnagItShellExt Class
\InProcServer32\(Default) = C:\Program Files (x86)\TechSmith\Snagit 10\SnagitShellExt.dll [TechSmith Corporation]
{C78B6140-F3EA-11D2-94A1-00E0292A01E3} = Shell Extension for Altap Salamander 2.54
-> {HKLM…Wow…CLSID} = Shell Extension for Altap Salamander 2.54
\InProcServer32\(Default) = C:\Program Files (x86)\a254\plugins\salamext.dll [ALTAP]
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
-> {HKLM…Wow…CLSID} = Microsoft Office Metadata Handler
\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS]
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler
-> {HKLM…Wow…CLSID} = Microsoft Office Thumbnail Handler
\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS]
{8903F6C9-25E3-40AC-A98F-E6D35CD0469C} = PSPad
-> {HKLM…Wow…CLSID} = PSPad
\InProcServer32\(Default) = C:\PROGRA~2\PSPADE~1\PSPADS~1.DLL [null data]
{83238FAE-D346-4E12-8734-D42F7554B3E6} = DivX Thumbnail Provider
-> {HKLM…Wow…CLSID} = DivX Thumbnail Provider
\InProcServer32\(Default) = C:\Program Files (x86)\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll [DivX, Inc.]
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} = DivX Property Handler
-> {HKLM…Wow…CLSID} = DivX Property Handler
\InProcServer32\(Default) = C:\Program Files (x86)\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll [DivX, Inc.]
{B089FE88-FB52-11D3-BDF1-0050DA34150D} = ESET Smart Security - Context Menu Shell Extension
-> {HKLM…Wow…CLSID} = ESET Smart Security - Context Menu Shell Extension
\InProcServer32\(Default) = C:\Program Files\ESET\ESET NOD32 Antivirus\x86\shellExt.dll [ESET]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> {B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook
-> {HKLM…CLSID} = Groove GFS Stub Execution Hook
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS]
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> {B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook
-> {HKLM…CLSID} = Groove GFS Stub Execution Hook
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS]
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\
<<!>> (livessp [MS]) Security Packages = kerberos|msv1_0|schannel|wdigest|tspkg|pku2u|livessp
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\
{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}\(Default) = WLIDCredentialProvider
-> {HKLM…CLSID} = WLIDCredentialProvider
\InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [MS]
HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = {807573E5-5146-11D5-A672-00B0D022E945}
-> {HKLM…CLSID} = Microsoft Office InfoPath XML Mime Filter
\InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL [MS]
HKCU\Software\Classes\*\shellex\ContextMenuHandlers\
TextPad\(Default) = {ABECE8A0-FF84-4efb-82AE-9B3181CE097D}
-> {HKCU…CLSID} = TextPad
\InProcServer32\(Default) = C:\Program Files (x86)\TextPad 5\System\shellext64.dll [Helios Software Solutions]
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
ESET Smart Security - Context Menu Shell Extension\(Default) = {B089FE88-FB52-11D3-BDF1-0050DA34150D}
-> {HKLM…CLSID} = ESET Smart Security - Context Menu Shell Extension
\InProcServer32\(Default) = C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [ESET]
Notepad++64\(Default) = {B298D29A-A6ED-11DE-BA8C-A68E55D89593}
-> {HKLM…CLSID} = Notepad++64
\InProcServer32\(Default) = C:\Program Files (x86)\Notepad++\NppShell_01.dll [null data]
SnagItMainShellExt\(Default) = {CF74B903-3389-469c-B3B6-0204D204FCBD}
-> {HKLM…CLSID} = SnagItShellExt Class
\InProcServer32\(Default) = C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitShellExt64.dll [TechSmith Corporation]
XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}
-> {HKLM…CLSID} = Groove GFS Context Menu Handler
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS]
HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
-> {HKLM…CLSID} = MBAMShlExt Class
\InProcServer32\(Default) = C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation]
XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}
-> {HKLM…CLSID} = Groove GFS Context Menu Handler
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS]
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
SnagItMainShellExt\(Default) = {CF74B903-3389-469c-B3B6-0204D204FCBD}
-> {HKLM…CLSID} = SnagItShellExt Class
\InProcServer32\(Default) = C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitShellExt64.dll [TechSmith Corporation]
UltraISO\(Default) = {AD392E40-428C-459F-961E-9B147782D099}
-> {HKLM…CLSID} = UIContextMenu Class
\InProcServer32\(Default) = C:\Program Files (x86)\UltraISO\isoshl64.dll [EZB Systems, Inc.]
XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}
-> {HKLM…CLSID} = Groove GFS Context Menu Handler
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS]
HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\
NvCplDesktopContext\(Default) = {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9}
-> {HKLM…CLSID} = NVIDIA CPL Context Menu Extension
\InProcServer32\(Default) = C:\Windows\system32\nvshext.dll [NVIDIA Corporation]
XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}
-> {HKLM…CLSID} = Groove GFS Context Menu Handler
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS]
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
ESET Smart Security - Context Menu Shell Extension\(Default) = {B089FE88-FB52-11D3-BDF1-0050DA34150D}
-> {HKLM…CLSID} = ESET Smart Security - Context Menu Shell Extension
\InProcServer32\(Default) = C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [ESET]
MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
-> {HKLM…CLSID} = MBAMShlExt Class
\InProcServer32\(Default) = C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation]
UltraISO\(Default) = {AD392E40-428C-459F-961E-9B147782D099}
-> {HKLM…CLSID} = UIContextMenu Class
\InProcServer32\(Default) = C:\Program Files (x86)\UltraISO\isoshl64.dll [EZB Systems, Inc.]
XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}
-> {HKLM…CLSID} = Groove GFS Context Menu Handler
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS]

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\
AlwaysShowMenus = (REG_DWORD) dword:0x00000001
{unrecognized setting}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
ConsentPromptBehaviorAdmin = (REG_DWORD) dword:0x00000002
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode}

Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
Wallpaper = C:\Users\PalmDesert\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

Windows Portable Device AutoPlay Handlers
-----------------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\
ASHAshampoo_Burning_Studio_6_FREEBURNONARRIVAL\
Provider = Ashampoo Burning Studio 6 FREE
InvokeProgID = Ashampoo.BurningStudio6FREE
InvokeVerb = autoplay-burn
HKLM\SOFTWARE\Classes\Ashampoo.BurningStudio6FREE\shell\autoplay-burn\Command\(Default) = "C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 6 FREE\burningstudio.exe" -autoplay -selectdrive "%l" [ashampoo Technology GmbH & Co. KG]
ASHAshampoo_Burning_Studio_6_FREECOPYONARRIVAL\
Provider = Ashampoo Burning Studio 6 FREE
InvokeProgID = Ashampoo.BurningStudio6FREE
InvokeVerb = autoplay-copy
HKLM\SOFTWARE\Classes\Ashampoo.BurningStudio6FREE\shell\autoplay-copy\Command\(Default) = C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 6 FREE\burningstudio.exe" -autoplay -selectdrive "%l" -copy [file not found]
ASHAshampoo_Burning_Studio_6_FREERIPONARRIVAL\
Provider = Ashampoo Burning Studio 6 FREE
InvokeProgID = Ashampoo.BurningStudio6FREE
InvokeVerb = autoplay-rip
HKLM\SOFTWARE\Classes\Ashampoo.BurningStudio6FREE\shell\autoplay-rip\Command\(Default) = "C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 6 FREE\burningstudio.exe" -autoplay -selectdrive "%l" -rip [ashampoo Technology GmbH & Co. KG]
ImgBurnBDBurningOnArrival_BuildImage\
Provider = ImgBurn
InvokeProgID = ImgBurn.AutoPlay.1
InvokeVerb = HandleBDBurningOnArrival_BuildImage
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleBDBurningOnArrival_BuildImage\command\(Default) = "C:\Program Files (x86)\ImgBurn\ImgBurn.exe" /MODE BUILD /OUTPUTMODE DEVICE /DEST "%1" [LIGHTNING UK!]
ImgBurnBDBurningOnArrival_BurnImage\
Provider = ImgBurn
InvokeProgID = ImgBurn.AutoPlay.1
InvokeVerb = HandleBDBurningOnArrival_BurnImage
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleBDBurningOnArrival_BurnImage\command\(Default) = "C:\Program Files (x86)\ImgBurn\ImgBurn.exe" /MODE WRITE /DEST "%1" [LIGHTNING UK!]
ImgBurnCDBurningOnArrival_BuildImage\
Provider = ImgBurn
InvokeProgID = ImgBurn.AutoPlay.1
InvokeVerb = HandleCDBurningOnArrival_BuildImage
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleCDBurningOnArrival_BuildImage\command\(Default) = "C:\Program Files (x86)\ImgBurn\ImgBurn.exe" /MODE BUILD /OUTPUTMODE DEVICE /DEST "%1" [LIGHTNING UK!]
ImgBurnCDBurningOnArrival_BurnImage\
Provider = ImgBurn
InvokeProgID = ImgBurn.AutoPlay.1
InvokeVerb = HandleCDBurningOnArrival_BurnImage
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleCDBurningOnArrival_BurnImage\command\(Default) = "C:\Program Files (x86)\ImgBurn\ImgBurn.exe" /MODE WRITE /DEST "%1" [LIGHTNING UK!]
ImgBurnDVDBurningOnArrival_BuildImage\
Provider = ImgBurn
InvokeProgID = ImgBurn.AutoPlay.1
InvokeVerb = HandleDVDBurningOnArrival_BuildImage
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleDVDBurningOnArrival_BuildImage\command\(Default) = "C:\Program Files (x86)\ImgBurn\ImgBurn.exe" /MODE BUILD /OUTPUTMODE DEVICE /DEST "%1" [LIGHTNING UK!]
ImgBurnDVDBurningOnArrival_BurnImage\
Provider = ImgBurn
InvokeProgID = ImgBurn.AutoPlay.1
InvokeVerb = HandleDVDBurningOnArrival_BurnImage
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleDVDBurningOnArrival_BurnImage\command\(Default) = "C:\Program Files (x86)\ImgBurn\ImgBurn.exe" /MODE WRITE /DEST "%1" [LIGHTNING UK!]
ImgBurnHDDVDBurningOnArrival_BuildImage\
Provider = ImgBurn
InvokeProgID = ImgBurn.AutoPlay.1
InvokeVerb = HandleHDDVDBurningOnArrival_BuildImage
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleHDDVDBurningOnArrival_BuildImage\command\(Default) = "C:\Program Files (x86)\ImgBurn\ImgBurn.exe" /MODE BUILD /OUTPUTMODE DEVICE /DEST "%1" [LIGHTNING UK!]
ImgBurnHDDVDBurningOnArrival_BurnImage\
Provider = ImgBurn
InvokeProgID = ImgBurn.AutoPlay.1
InvokeVerb = HandleHDDVDBurningOnArrival_BurnImage
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleHDDVDBurningOnArrival_BurnImage\command\(Default) = "C:\Program Files (x86)\ImgBurn\ImgBurn.exe" /MODE WRITE /DEST "%1" [LIGHTNING UK!]
ImgBurnPlayBluRayOnArrival_ReadDisc\
Provider = ImgBurn
InvokeProgID = ImgBurn.AutoPlay.1
InvokeVerb = PlayBluRayOnArrival_ReadDisc
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\PlayBluRayOnArrival_ReadDisc\command\(Default) = "C:\Program Files (x86)\ImgBurn\ImgBurn.exe" /MODE READ /SRC "%1" [LIGHTNING UK!]
ImgBurnPlayCDAudioOnArrival_ReadDisc\
Provider = ImgBurn
InvokeProgID = ImgBurn.AutoPlay.1
InvokeVerb = PlayCDAudioOnArrival_ReadDisc
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\PlayCDAudioOnArrival_ReadDisc\command\(Default) = "C:\Program Files (x86)\ImgBurn\ImgBurn.exe" /MODE READ /SRC "%1" [LIGHTNING UK!]
ImgBurnPlayDVDMovieOnArrival_ReadDisc\
Provider = ImgBurn
InvokeProgID = ImgBurn.AutoPlay.1
InvokeVerb = PlayDVDMovieOnArrival_ReadDisc
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\PlayDVDMovieOnArrival_ReadDisc\command\(Default) = "C:\Program Files (x86)\ImgBurn\ImgBurn.exe" /MODE READ /SRC "%1" [LIGHTNING UK!]
ImgBurnPlayHDDVDOnArrival_ReadDisc\
Provider = ImgBurn
InvokeProgID = ImgBurn.AutoPlay.1
InvokeVerb = PlayHDDVDOnArrival_ReadDisc
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\PlayHDDVDOnArrival_ReadDisc\command\(Default) = "C:\Program Files (x86)\ImgBurn\ImgBurn.exe" /MODE READ /SRC "%1" [LIGHTNING UK!]
VLCPlayCDAudioOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.CDAudio
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file cdda://%1 [the VideoLAN Team]
VLCPlayDVDAudioOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.OPENFolder
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1 [the VideoLAN Team]
VLCPlayDVDMovieOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.DVDMovie
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file dvd://%1 [the VideoLAN Team]
VLCPlayMusicFilesOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.OPENFolder
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1 [the VideoLAN Team]
VLCPlaySVCDMovieOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.SVCDMovie
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.SVCDMovie\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file vcd://%1 [the VideoLAN Team]
VLCPlayVCDMovieOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.VCDMovie
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.VCDMovie\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file vcd://%1 [the VideoLAN Team]
VLCPlayVideoFilesOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.OPENFolder
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1 [the VideoLAN Team]
WIA_{232D201B-CA75-4907-BF81-E25C434ADBC0}\
Provider = MF Toolbox Ver4.9
CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
InitCmdLine = /WiaCmd;C:\Program Files (x86)\Canon\MF Toolbox Ver4.9\MfTBox.exe /StiDevice:%1 /StiEvent:%2;
-> {HKLM…CLSID} = WPDShextAutoplay
\LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]

Windows Sidebar Gadgets:
------------------------
C:\Users\PalmDesert\AppData\Local\Microsoft\Windows Sidebar\Settings.ini
"C:%5CProgram%20Files%5CWindows%20Sidebar%5CGadgets%5CWeather.Gadget"
"C:%5CProgram%20Files%5CWindows%20Sidebar%5CGadgets%5CWeather.Gadget"
"C:%5CProgram%20Files%5CWindows%20Sidebar%5CGadgets%5CRSSFeeds.Gadget"

Non-disabled Scheduled Tasks:
-----------------------------
C:\Windows\System32\Tasks
Adobe Flash Player Updater -> launches: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated]
User_Feed_Synchronization-{05C3B55D-ED2F-45FF-9519-90FF61064E0E} -> (HIDDEN!) launches: C:\Windows\system32\msfeedssync.exe sync [MS]
{684A6972-70A3-4ACC-AC79-679CDE7625AA} -> launches: C:\Windows\system32\pcalua.exe -a "C:\Users\PalmDesert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TXNL732Y\258.96_desktop_win7_winvista_64bit_english_whql[1].exe" -d C:\Users\PalmDesert\Desktop [MS]
{6C0EFA48-4325-4D0B-ACAB-D4EFFCACA00B} -> launches: C:\Windows\system32\pcalua.exe -a "C:\Users\PalmDesert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FJ7PZPOD\as254.exe" -d C:\Users\PalmDesert\Desktop [MS]
{7C3F9969-CAEA-4F4C-8267-D0B96001C092} -> launches: C:\Windows\system32\pcalua.exe -a C:\swsetup\IDT_07-16-2010_sp48945.exe -d C:\swsetup [MS]
{B4386086-B889-49A0-9FBA-8AB62D712675} -> launches: C:\Windows\system32\pcalua.exe -a C:\Users\PalmDesert\_jcgriff2_\dbug\__Kernel__\Bat_To_Exe_Converter\Bat_To_Exe_Converter.exe -d C:\Users\PalmDesert\_jcgriff2_\dbug\__Kernel__\Bat_To_Exe_Converter [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C}
-> {HKLM…CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
\InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]
-> {HKLM…Wow…CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
\InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience
AitAgent -> launches: aitagent [MS]
ProgramDataUpdater -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Autochk
Proxy -> launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
SystemTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
-> {HKLM…CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
-> {HKLM…Wow…CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
UserTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
-> {HKLM…CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
-> {HKLM…Wow…CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS]
KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c}
-> {HKLM…CLSID} = KernelCeipCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\kernelceip.dll [MS]
UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8}
-> {HKLM…CLSID} = UsbCeip
\InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]
-> {HKLM…Wow…CLSID} = UsbCeip
\InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Defrag
ScheduledDefrag -> launches: %windir%\system32\defrag.exe -c [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis
Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3}
-> {HKLM…CLSID} = ScheduledDiagnosticCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\sdiagschd.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Location
Notifications -> launches: %windir%\System32\LocationNotifications.exe [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance
WinSAT -> launches: {A9A33436-678B-4C9C-A211-7CC38785E79D}
-> {HKLM…CLSID} = WinSAT Task Manger Task
\InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]
-> {HKLM…Wow…CLSID} = WinSAT Task Manger Task
\InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic
CorruptionDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
-> {HKLM…CLSID} = MemoryDiagnosticCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]
DecompressionFailureDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
-> {HKLM…CLSID} = MemoryDiagnosticCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC
HotStart -> launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
-> {HKLM…CLSID} = HotStart User Agent
\InProcServer32\(Default) = C:\Windows\System32\HotStartUserAgent.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\MUI
LPRemove -> launches: %windir%\system32\lpremove.exe [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543}
-> {HKLM…CLSID} = Microsoft PlaySoundService Class
\InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]
-> {HKLM…Wow…CLSID} = Microsoft PlaySoundService Class
\InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace
GatherNetworkInfo -> launches: %windir%\system32\gatherNetworkInfo.vbs [null data]
C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics
AnalyzeSystem -> launches: %SystemRoot%\System32\powercfg.exe -energy -auto [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\RAC
RacTask -> (HIDDEN!) launches: {42060D27-CA53-41f5-96E4-B1E8169308A6}
-> {HKLM…CLSID} = ReliabilityAnalysisCustomHandler
\InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]
-> {HKLM…Wow…CLSID} = ReliabilityAnalysisCustomHandler
\InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Ras
MobilityManager -> launches: {c463a0fc-794f-4fdf-9201-01938ceacafa}
-> {HKLM…CLSID} = RasMobilityManager
\InProcServer32\(Default) = C:\Windows\system32\rasmbmgr.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Registry
RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2}
-> {HKLM…CLSID} = RegistryIdleBackupHandler
\InProcServer32\(Default) = C:\Windows\System32\regidle.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\SideShow
GadgetManager -> launches: {FF87090D-4A9A-4f47-879B-29A80C355D61}
-> {HKLM…CLSID} = GadgetsManager Class
\InProcServer32\(Default) = C:\Windows\System32\AuxiliaryDisplayServices.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore
SR -> launches: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager
Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4}
-> {HKLM…CLSID} = RunTask
\InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]
-> {HKLM…Wow…CLSID} = RunTask
\InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip
IpAddressConflict1 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS]
IpAddressConflict2 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}
-> {HKLM…CLSID} = MsCtfMonitor task handler
\InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]
-> {HKLM…Wow…CLSID} = MsCtfMonitor task handler
\InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization
SynchronizeTime -> launches: %windir%\system32\sc.exe start w32time task_started [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\WDI
ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1}
-> {HKLM…CLSID} = DiagnosticInfrastructureCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]
-> {HKLM…Wow…CLSID} = DiagnosticInfrastructureCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies
ValidationTask -> (HIDDEN!) launches: %SystemRoot%\system32\Wat\WatAdminSvc.exe /run [MS]
ValidationTaskDeadline -> (HIDDEN!) launches: %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
QueueReporting -> launches: %windir%\system32\wermgr.exe -queuereporting [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform
BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup
ConfigNotification -> launches: %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION [MS]
C:\Windows\System32\Tasks\Microsoft\Windows Defender
MP Scheduled Scan -> (HIDDEN!) launches: c:\program files\windows defender\MpCmdRun.exe Scan -ScheduleJob -WinTask -RestrictPrivilegesScan [MS]
C:\Windows\System32\Tasks\Microsoft\Windows Live\SOXE
Extractor Definitions Update Task -> launches: {3519154C-227E-47F3-9CC9-12C3F05817F1}
-> {HKLM…Wow…CLSID} = Windows Live Social Object Extractor Engine Definition Updater
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\SOXE\wlsoxe.dll [MS]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
000000000007\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000008\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
Transport Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 10
Toolbars, Explorer Bars, Extensions:
------------------------------------
Explorer Bars
HKLM\SOFTWARE\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = Groove Folder Synchronization
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS]
HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = Groove Folder Synchronization
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{2670000A-7350-4F3C-8081-5663EE0C6C49}\
ButtonText = Send to OneNote
MenuText = Se&nd to OneNote
CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C}
-> {HKLM…CLSID} = Send to OneNote from Internet Explorer button
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll [MS]
{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\
ButtonText = OneNote Lin&ked Notes
MenuText = OneNote Lin&ked Notes
CLSIDExtension = {FFFDC614-B694-4AE6-AB38-5D6374584B52}
-> {HKLM…CLSID} = Linked Notes button
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [MS]
{E6846530-6088-4AA3-932F-C6245CE59A4C}\
MenuText = Speckie Settings
CLSIDExtension = {8CE7F568-67FA-4432-BA39-F5AFD68E7B8B}
-> {HKLM…CLSID} = Speckie
\InProcServer32\(Default) = C:\Users\PalmDesert\AppData\Roaming\Speckie\bin64\Speckie64.dll [Versoworks Pty Ltd]
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\
{0E17D5B7-9F5D-4FEE-9DF6-CA6EE38B68A8}\
ButtonText = ieSpell
MenuText = ieSpell
Script = res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM [Red Egg Software]
{1606D6F9-9D3B-4AEA-A025-ED5B2FD488E7}\
MenuText = ieSpell Options
Script = res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM [Red Egg Software]
{2670000A-7350-4F3C-8081-5663EE0C6C49}\
ButtonText = Send to OneNote
MenuText = Se&nd to OneNote
CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C}
-> {HKLM…Wow…CLSID} = Send to OneNote from Internet Explorer button
\InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll [MS]
{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\
ButtonText = OneNote Lin&ked Notes
MenuText = OneNote Lin&ked Notes
CLSIDExtension = {FFFDC614-B694-4AE6-AB38-5D6374584B52}
-> {HKLM…Wow…CLSID} = Linked Notes button
\InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [MS]
{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\
ButtonText = Skype add-on for Internet Explorer
MenuText = Skype add-on for Internet Explorer
CLSIDExtension = {898EA8C8-E7FF-479B-8935-AEC46303B9E5}
-> {HKLM…Wow…CLSID} = Skype add-on for Internet Explorer (toolbar button)
\InProcServer32\(Default) = C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Skype Technologies S.A.]
{E6846530-6088-4AA3-932F-C6245CE59A4C}\
MenuText = Speckie Settings
CLSIDExtension = {8CE7F568-67FA-4432-BA39-F5AFD68E7B8B}
-> {HKLM…Wow…CLSID} = Speckie
\InProcServer32\(Default) = C:\Users\PalmDesert\AppData\Roaming\Speckie\bin32\Speckie32.dll [Versoworks Pty Ltd]
Miscellaneous IE Hijack Points
------------------------------
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\
<<H>> Speckie = res://speckie64.dll/speckie.htm [file not found]
HOSTS file
----------
C:\Windows\System32\drivers\etc\HOSTS
maps: 23 domain names to IP addresses,
10 of the IP addresses are *not* localhost!
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Andrea ST Filters Service, AESTFilters, C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [Andrea Electronics Corporation]
Audio Service, STacSV, C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [IDT, Inc.]
ESET Service, ekrn, "C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe" [ESET]
HP Service, hpsrv, C:\Windows\system32\Hpservice.exe [Hewlett-Packard Company]
NVIDIA Display Driver Service, NVSvc, C:\Windows\system32\nvvsvc.exe [NVIDIA Corporation]
Windows Live ID Sign-in Assistant, wlidsvc, "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [MS]
Accessibility Tools:
--------------------
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Accessibility\
Configuration = togglekeys
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Session1\
Configuration = togglekeys
Print Monitors:
---------------
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Bullzip PDF Print Monitor\Driver = bzpdf.dll [Bullzip]
CPCA Language Monitor3\Driver = CNAS0MMK.DLL [Canon Inc.]
---------- (launch time: 2012-04-28 20:08:06)
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 382 seconds.
---------- (total run time: 433 seconds)